Pre-Assessment Exam Flashcards
Which prevention and mitigation measures best protect against the impact of a ransomware attack? (Choose two.)
ICMP blocking rules
Alert e-mail notifications
System imaging
Data backups
System imaging
Data backups
In the event of a ransomware infection, systems can be quickly returned to an operational state by applying a system image. Frequent data backups enable the restoration of data prior to the ransomware outbreak
A company executive complains that her online banking credentials no longer work. After further investigation, you determine that the user clicked a link in a fraudulent e-mail meant to deceive bank customers. Which type of attack occurred?
Tailgating
Hoax
Phishing
Phishing
Phishing scams attempt to convince victims to divulge sensitive information such as online banking credentials
Which type of attack involves an attacker injecting malicious executable code into a web site page that will be viewed by others?
Buffer overflow
Cross-site request forgery
Cross-site scripting
Cross-site scripting
Cross-site scripting attacks result from victims using a web site that a malicious user has injected with malicious code. The victim’s web browser then executes that code. This can result from ineffective web form field input validation
A malicious user enters a coffee shop and configures a Wi-Fi hotspot that uses the same name used by the legitimate public Wi-Fi available in the coffee shop. What has the malicious user configured?
MAC spoofing
IP spoofing
Evil twin
Evil twin
An evil twin is an additional Wi-Fi network configured by an attacker to appear as an existing legitimate Wi-Fi network, in hopes that unsuspecting users will connect to it
What will detect network or host intrusions and take actions to prevent an intrusion from continuing?
IPS
IDS
IPSec
IPS
An intrusion prevention system (IPS) actively monitors network or system activity for abnormal activity and can be configured to take steps to stop or contain it. Abnormal activity can be detected by checking for known attack patterns (signature-based) or variations beyond normal activity (anomaly-based)
A router must be configured to allow traffic from certain hosts only. How can this be accomplished?
ACL
Subnet
Proxy server
ACL
Access control lists (ACLs) are router settings that allow or deny various types of network traffic from or to specific hosts
Your company issues smart phones to employees for business use. Corporate policy dictates that all data stored on smart phones must be encrypted. To which fundamental security concept does this apply?
Confidentiality
Integrity
Availability
Confidentiality
Confidentiality ensures that data is accessible only to those parties who should be authorized to access the data. Encrypting data stored on smart phones protects that data if the phone is lost or stolen
To give a contractor network access quickly, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?
Separation of duties
Least privilege
Job rotation
Least privilege
The least privilege principle states that users should be given only the rights needed to perform their duties and nothing more. Adding a contractor to the Administrators group violates this principle by granting the contractor too much privilege
Complex passwords are considered which type of security control?
Management
Technical
Physical
Technical
Technical security controls such as complex passwords are used to protect computing resources such as files, web sites, databases, and so on. Complex passwords can help prevent malicious access to IT systems and data
n insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?
ALE
ROI
Total cost of ownership
ALE
The annual loss expectancy (ALE) value refers to the yearly cost related to the loss of the use of a service or business process. ALE is used with quantitative risk analysis approaches to prioritize and justify expenditures that protect from potential risks. For example, an ALE value of $1000 might justify a $200 annual expense to protect against that risk
Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)
Access control vestibule
Hardware locks
Fingerprint scan
Smartcard
Access control vestibule
Hardware locks
Access control vestibules are designed to trap trespassers in a restricted area. Some access control vestibule variations use two sets of doors, one of which must close before the second one opens. Traditional access control vestibules do not require access cards. Hardware locks simply require possession of a key. Neither verifies the person’s identity
Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up-to-date. What is the most likely cause of the problem?
Juanita is experiencing a denial-of-service attack.
Juanita’s user account has been compromised.
Juanita’s browser configuration is being changed by adware.
Juanita’s browser configuration is being changed by adware.
Adware attempts to expose users to advertisements in various ways, including through pop-ups or changing the web browser home page. Spyware often analyzes user habits so that adware displays relevant advertisements. Some antivirus software also scans for spyware, but not in this case
Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?
Bluejacking
Bluesnarfing
Packet sniffing
Bluesnarfing
Bluesnarfing is the act of connecting to and accessing data from a device over a Bluetooth wireless connection. It is considered much more invasive than packet sniffing or port scanning
The process of disabling unneeded network services on a computer is referred to as what?
Patching
Fuzzing
Hardening
Hardening
Hardening includes actions such as disabling unneeded services to make a system more secure
How can you best prevent rogue machines from connecting to your network?
Deploy an IEEE 802.1x configuration.
Use strong passwords for user accounts.
Use IPv6.
Deploy an IEEE 802.1x configuration.
The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, it might be configured for VPN appliances, network switches, and wireless access points that adhere to the standard
You want to focus and track malicious activity to a particular host in your screened subnet. What should you configure?
Honeynet
Honeypot
Screened subnet tracker
Honeypot
A honeypot is an intentionally vulnerable host used to attract and track malicious activity
A security auditor must determine which types of servers are running on a network. Which tool or technique is best suited for this task?
OS fingerprinting
Protocol analyzer
Port scanner
OS fingerprinting
Network mapping and vulnerability scanning utilities can map a network’s layout and identify operating systems running on hosts using OS fingerprinting. This technique analyzes network packets to and from the host to identify the operating system in use
Which type of security testing provides network configuration information to testers?
Known environment
Unknown environment
Partially known environment
Known environment
A known environment test provides testers with detailed configuration information regarding the software or network they are testing
The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. Which term describes their actions?
Cross-site scripting
Fuzzing
Patching
Fuzzing
Fuzzing is a means of injecting data into an application that it does not expect to ensure that no weaknesses are present in the application
Which solution can centrally authenticate users between different organizations?
RADIUS
RADIUS federation
EAP-FAST
RADIUS federation
RADIUS federation required a trusted identify provider in one organization. Edge devices forward authentication requests only to a RADIUS server located on a protected network
What can be done to protect data after a handheld device is lost or stolen?
Enable encryption.
Execute a remote wipe.
Enable screen lock.
Execute a remote wipe.
Mobile device administrators can configure devices such that sensitive apps and data can be removed remotely, or wiped, if the device is lost or stolen
Which firmware solution can store keys used for storage media encryption?
TPM
DLP
EFS
TPM
Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents. If the drive were moved to another computer (even one with TPM), the drive would remain encrypted and inaccessible
Your company has issued Android-based smart phones to select employees. Your manager asks you to harden the phones and ensure that data confidentiality is achieved. How should you address your manager’s concerns while minimizing administrative effort?
Implement SCADA, screen locking, device encryption, and antimalware, and disable unnecessary software on the phones.
Implement PKI VPN authentication certificates, screen locking, and antimalware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and antimalware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and antimalware, and disable unnecessary software on the phones.
Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating antimalware, and disabling unnecessary features and software
Stored data is referred to as:
Data-in-process
Data-in-transit
Data-at-rest
Data-at-rest
Data-at-rest is data stored on media